The security token is missing from your request.

AndyX

Well-Known Member
Sep 25, 2015
107
13
68
Los Altos, CA
cPanel Access Level
Root Administrator
Please eliminate this erroneous message:

1623427280753.png

In Firefox I have my preference set to delete all cookies when I exit Firefox. So the "The security token is missing from your request" will always show no matter what I do. I don't think the message serves any useful purpose and should be eliminated.

Thank you.
 

cPJustinD

Administrator
Staff member
Jan 12, 2021
286
52
103
Houston
cPanel Access Level
Root Administrator
I was able to replicate this; however, this appears to be expected behavior. If you would like, you can submit a feature request using the "Submit a Feature Request" link in my signature.

Our feature request site is actively reviewed and curated by our development team to identify potential future build plans and accept ideas and suggestions from our community. Adding a feature request here will allow the rest of cPanel's users to vote for it if it's something they would like to see implemented as well.

While we cannot guarantee that all requests will be accepted, this is the best way to make suggestions visible to the teams that build cPanel.

Additionally, you can also open a support ticket using the "Submit a ticket" link in my description to see if our analyst may be able to determine a workaround for the issue. If you decide to open a ticket, please provide the ticket number here to follow the ticket and update this thread with the resolution if possible.
 

cPJustinD

Administrator
Staff member
Jan 12, 2021
286
52
103
Houston
cPanel Access Level
Root Administrator
You can also prevent this warning by logging out of the cPanel account properly before closing the browser. I tested this myself, and I no longer experiencing the warning upon the next login. The only additional step involved here is clicking the Logout option in cPanel before closing the browser.

I hope that this helps!
 

AndyX

Well-Known Member
Sep 25, 2015
107
13
68
Los Altos, CA
cPanel Access Level
Root Administrator
You can also prevent this warning by logging out of the cPanel account properly before closing the browser. I tested this myself, and I no longer experiencing the warning upon the next login. The only additional step involved here is clicking the Logout option in cPanel before closing the browser.

I hope that this helps!
Hi Justin,

Sorry but this does not solve the issue. Logging out only sets a cookie. However as I explained in my first post, I use Firefox and the preference setting is to delete all cookies when I exit Firefox. so logging out "properly" is not a solution. The solution is to eliminate this erogenous message which is only found on cPanel and nowhere else on any other websites that I know of.
 

AndyX

Well-Known Member
Sep 25, 2015
107
13
68
Los Altos, CA
cPanel Access Level
Root Administrator
Update on this bug. If cookies are cleared and I open a new tab and go to the following URL:

https://domain.com:2083

the login page does not show the "The security token is missing from your request." error message. However if I'm already logged into cPanel on one tab and I open a new tab, go to cPanel URL I get the "The security token is missing from your request." error message and a login page. This seams to be a bug, I'm already logged into cPanel on another tab, why does the second tab initiate a login, it should just go directly into cPanel home page.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
656
62
103
Houston, TX
cPanel Access Level
Root Administrator
Hello! I can't seem to replicate this as of yet. I am guessing you're able to fully replicate it without issue? Would you be able to open a ticket using the link in my signature, or ask your web hosting provider to do so if you can't? I believe this would warrant a look. Please update me with the ticket ID if you do so.
 

AndyX

Well-Known Member
Sep 25, 2015
107
13
68
Los Altos, CA
cPanel Access Level
Root Administrator
I am guessing you're able to fully replicate it without issue?
Yes I can replicate on many of the web hosting accounts I have at KnownHost. I asked KnownHost's tech support about this issue and they tell me:

This is actually the expected behavior of cPanel. It behaves like this so that a valid security token can not be pulled from your current active session and then used on another session somewhere else. This is what is known as cross site request forgery.

This article has some details on those:

https://owasp.org/www-community/attacks/csrf